22 February 2024

Chinese hack-for-hire firm claims to have hacked multiple govts across the world

Chinese authorities are investigating a major leak of documents from I-Soon, a private security contractor associated with the country's top policing agency and other government entities. The cache of documents, which surfaced on GitHub last week, provides a rare glimpse into the firm's alleged cyber espionage activities.

The trove of documents, numbering in the hundreds, sheds light on I-Soon's purported activities, including what appears to be hacking operations targeting both Chinese nationals and foreigners. An analysis conducted by cybersecurity firm SentinelOne described I-Soon (aka Anxun) as a company vying for “low-value hacking contracts” from various government agencies.

According to SentinelOne and Malwarebytes, the leaked documents suggest that I-Soon infiltrated several government departments, including those from India, Thailand, Vietnam, South Korea, and NATO.

The company is also said to have developed sophisticated tools capable of compromising devices across multiple operating systems, including Linux, Windows, macOS, iOS, and Android. Notably, the Android exploits purportedly allow for the extraction and transmission of users' messaging histories from Chinese chat applications (QQ, WeChat, and MoMo), as well as Telegram.

I-Soon purportedly sought contracts in Xinjiang, a region where the Chinese government has faced international scrutiny for its treatment of the Muslim Uyghur population. The documents suggest that I-Soon attempted to secure work in Xinjiang by highlighting its experience in anti-terrorism operations in Pakistan and Afghanistan.

Moreover, the leaked materials detail the hardware hacking devices allegedly employed by I-Soon, including a device described as a “poisoned power bank” capable of uploading data into victims' machines.

As of now, the source of the leak remains unidentified. Researchers theorize that the data could have been leaked by a disgruntled employee.
